VDB
CVE-2021-37712
CVE-2021-37712
PUBLISHED
CVSS 8.699999809265137 HIGH
In Node.js existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Modulen "tar" und "@npmcli/arborist" und aufgrund von Symlink-Fehlern. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.
EPSS 0.09% · 24.7th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.09%
24.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Linux | |
| Fedora | Fedora Linux | |
| IBM | IBM Tivoli Netcool/OMNIbus 8.1.0 | |
| Gentoo | Gentoo Linux | |
| Debian | Debian Linux | |
| IBM | IBM QRadar SIEM 7.5 | |
| Red Hat | Red Hat Enterprise Linux | |
| IBM | IBM InfoSphere Information Server | |
| SUSE | SUSE Linux | |
| IBM | IBM QRadar SIEM | |
| Juniper | Juniper JUNOS |
Exploit Intelligence
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- nids_rules.yar (github-yara)
- Spring4Shell.yara (github-yara)
- Spring4Shell.yara (github-yara)
…and 46 more exploits
Timeline
- Aug 31, 2021 CVE Published
- Sep 1, 2021 EPSS Score
- Sep 10, 2021 EPSS Score
- Oct 29, 2021 EPSS Score
- Nov 13, 2021 EPSS Score
- Dec 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 22, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 7, 2022 PoC Published
- Apr 21, 2022 EPSS Score
- Aug 16, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0092.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0092 advisory
- https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ advisory
- https://access.redhat.com/errata/RHSA-2021:3638 advisory
- https://access.redhat.com/errata/RHSA-2021:3639 advisory
- https://access.redhat.com/errata/RHSA-2021:3623 advisory
- http://linux.oracle.com/errata/ELSA-2021-3623.html advisory
- https://access.redhat.com/errata/RHSA-2021:3666 advisory
- http://linux.oracle.com/errata/ELSA-2021-3666.html advisory
- https://access.redhat.com/errata/RHSA-2021:4618 advisory
- https://www.debian.org/security/2021/dsa-5008 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-December/009816.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-December/009853.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-December/009869.html advisory
- https://access.redhat.com/errata/RHSA-2021:5086 advisory
- https://access.redhat.com/errata/RHSA-2022:0041 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-January/010017.html advisory
- https://access.redhat.com/errata/RHSA-2022:0246 advisory
- https://access.redhat.com/errata/RHSA-2022:4914 advisory
- https://access.redhat.com/errata/RHSA-2022:0350 advisory
…and 32 more